Even for organisations that are not required under the GDPR to have a Data Protection Officer, accessing expert advice on data protection is a must.
However, finding and retaining a person with the right skills and expertise can be challenging. It may also represent a distraction from core business activities, and there may not be enough work to justify a full-time, permanent position – which also raises the risk that candidates may seek more stimulating employment elsewhere.
Building on 30 years of experience in data management and governance solutions for leading financial services organisations, Northdoor’s Data Protection Advisory Service enables organisations to access the expert skills they need rapidly, cost-effectively and within a flexible annual subscription.
The service is tailored to each organisation’s precise needs and provides a comprehensive set of activities to help address GDPR compliance.
The General Data Protection Regulation (GDPR), in force from May 25th 2018, requires certain types of organisation to appoint a Data Protection Officer. These are as follows
1. Public authorities and other public bodies. All central and local government departments, agencies and other public bodies must appoint a DPO.
2. Organisations whose core business activity is monitoring individuals regularly and systematically on a large scale. This can include running payroll services, providing standard IT support, providing email remarketing services and offering location-tracking services through apps.
3. Organisations whose core business activity consists of large-scale processing of special categories of personal data, including ethnic origin, political opinions, religious beliefs, physical and mental health, and criminal records.
However, even if your organisation does not require an official DPO, you will certainly need ongoing expert advice on data protection.
In a job market where many experienced data-protection specialists have already been snapped up by large corporates to work as DPOs, it may be difficult for organisations to tap into the appropriate skills and knowledge. Equally, not all organisations will have enough work to keep a full-time, permanent advisor occupied.
At best, this means that they face overpaying for the services they need, and at worst, that their appointed person may soon get a better offer from an organisation that can provide a more stimulating working environment.
For smaller organisations, investing in in-house capabilities for all functions is generally economically unviable – and a potential distraction from the core business. In such cases, bringing in external advice will help address the compliance demands of the GDPR while removing the difficulty, cost and distraction of needing to find, employ and retain a permanent employee.
To help organisations rapidly and cost-effectively access the necessary expertise for addressing GDPR compliance, Northdoor offers its Data Protection Advisory Service. With this simple annual subscription – tailored to fit your specific requirements – Northdoor assigns an expert to serve as an independent data protection specialist for your organisation.
Within the Data Protection Advisory Service, Northdoor offers a comprehensive range of services, scoped according to client need. As a guide, an entry-level service would typically cover the following activities:
In addition, Northdoor can provide the following services:
Northdoor’s decades of experience in the protection and governance of enterprise data have enabled us to build a comprehensive portfolio of services around the GDPR. Our services are modular, highly adaptable and can be applied at all stages of any regulatory compliance programme.
Prior to any formal engagement, including the Data Protection Advisory Service, Northdoor conducts a workshop assessment to determine your existing compliance status, capability maturity and organisation-specific risks.
An overview of the regulation and its impact
Data protection, privacy risks and penalties
Building a GDPR response program
Northdoor plc is a leading corporate IT consultancy and solutions organisation with almost 30 years of experience serving clients across multiple industries, from start-ups to large blue chip firms. Building on our data management and governance experience, Northdoor has developed deep expertise in the GDPR through both research and direct engagement with clients.
We have run numerous GDPR round tables, authored extensive advisory content on the topic, and have multiple ongoing engagements with clients and prospects around the GDPR.
Northdoor’s expert GDPR services include: